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Remarks 

The application was filed on 19 April 2001 with sixteen claims. The Examiner 
examined the application and on 21 October 2004 issued a first Action. In the 
Examiner's Action, the Examiner rejected claims 1-7 and 10-16 under 35 U.S.C. § 103(a) 
as being unpatentable over U.S. Patent No. 6,405, 364 Bl entitled BUILDING 
Techniques in a Development Architecture Framework to Bowman-Amuah 
(Bowman-Amuah '364). The Examiner also rejected claims 8-9 under 35 U.S.C. § 103(a) 
as being unpatentable over Bowman-Amuah '364 in view of U.S. Patent No. 5,519,778 
entitled METHOD FOR ENABLING USERS OF A CRYPTOSYSTEM TO GENERATE AND USE A 

Private Pair Key for Enciphering Communications Between the Users to 
Leighton et al. (Leighton '778). 

Applicants respond. Applicants amend independent claims 1 and 7 and 
dependent claims 8 and 9. Applicants have not added new matter with the amendments 
to independent claims 1 and 7. Support for the security properties to include an audit 
subsystem, an integrity subsystem, and an information flow control subsystem in given 
in the original filed specification in Figures 3, 4, 5, and 7, and the respective 
descriptions on page 13, line 2 through page 14, line 20 and on page 15, line 19 through 
page 16, line 11. Support for ranking of threats to the security properties of the overall 
solution, as included in amended claims 8 and 9, is given in original claims 7, 8, and 9. 
Claims 1-16 are pending. 

The Rejection Under 35 U.S. C. $103(a) over Bowman-Amuah '364 

The Examiner rejected claims 1-7 and 10-16 under 35 U.S.C. § 103(a) as being 
unpatentable over Bowman-Amuah '364. The Examiner asserts that Bowman-Amuah 
'364 discloses a system and method for building systems in a development architecture 
framework wherein security is integrated into the solution. The Examiner admits that 
Bowman-Amuah '364 does not disclose creating a functional technology diagram, but 
does disclose documenting the process which performs the function of the functional 
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technology diagram. In response, Applicants have amended independent claims 1 and 
7. The amendments have narrowed the claims to particularly point out and distinctly 
claim that the second system that identifies the security properties based on functions 
attributable to security subsystems wherein the security subsystems further comprise 
an audit subsystem process, an integrity subsystem process and an information flow 
control subsystem process. Applicants have further amended claims 8 and 9 to more 
distinctly claim that the ranked security threats are to the security properties of the 
overall solution. 

Bowman-Amuah '364 teaches an integrated development framework for the 
creation of software that has security management. The most detail that Bowman- 
Amuah '364 provides for security management is presented at column 49, line 65 
through column 51, line 13. Attorney for Applicants have read through these and 
other columns several times looking for an audit subsystem and process, an integrity 
subsystem and process, and an information control subsystem and process, all being 
integrated in a second system which determines the overall security properties, as 
claimed in amended independent claims 1 and 7. Respectfully, I could not find that the 
audit, the integrity, or the information flow control subsystems are integrated in the 
system of Bowman-Amuah '346. The security management system of Bowman-Amuah 
'364 deals mainly with preventing unauthorized access to the system, e.g., intrusion 
detection, network assessment, platform security to minimize the opportunities for 
intruders web-based access control, fraud services, mobile code security, e-mail, 
encryption, public key infrastructure, authentication system, and firewall. Bowman- 
Amuah '364 briefly mentions the need for security audits for the development 
architecture framework at column 18, lines 60-63, but merely states that audits can be 
done by an external body specializing in security in the form of interviews, 
architecture and code reviews, and automated tool assessment. Nowhere, does 
Bowman-Amuah '364 talk about an integrated audit subsystem process, an integrated 
integrity subsystem process, and an integration information flow control subsystem 
process that is part and parcel of the system allocating security properties. 
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In view of the amendments above, Applicants respectfully request the Examiner 
to withdraw the rejection of claims 1-7 and 10-16 under 35 U.S.C. § 103(a) by 
modification of Bowman-Amuah '364 because the reference does not teach or suggest 
the integration of auditing, managing integrity, and managing information flow control 
in determining the overall security properties of a solution. 

The Rejection of claims 8'9 Under 35 U.S. C. § 103(a) over Bowman-Amuah '364 in view 
of Leighton '778 

The Examiner rejected claims 8-9 under 35 U.S.C. § 103(a) under a combination 
of Bowman-Amuah '364 in view of Leighton 778. The Examiner applies Bowman- 
Amuah '364 as above and then applies Leighton '778 as a reference to rank the security 
levels and threats to the system. Applicants reiterate that Bowman-Amuah '364 
does not teach or suggest that auditing the security properties, managing the 
integrity and/or the information flow control of a information technology system 
can be integrated into a security management system. 

Leighton '778 applies a ranking system to users of a cryptosystem wherein 
communications are ciphered between ranked users of the system, i.e., one user may 
have a higher security clear ance/level than another user. Leighton '778 ranks only 
those users for secret-key exchange wherein first, users can directly talk to one another 
and second the conversation between two users always takes place at the highest 
common level of security, see column 6, lines 44-47. Leighton '778 does not suggest 
applying a ranking of security threats to any other subsystems of a software 
development system, such as claimed by Applicants. Threats to management of audits, 
integrity, and information flow control are not mentioned by Leighton '778. Thus, with 
the Examiner's observation that Bowman-Amuah '364 does not rank security threats 
combined with the fact that Leighton '778 ranks only the security level of users on a 
cryptographic system, Applicants respectfully request the Examiner to reconsider the 
rejection of claims 8 and 9 under 35 U.S.C. § 103(a) and allow the claims. 
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Conclusion 



Applicants maintain that the security management proffered by Bowman- 
Amuah '364 does not teach nor suggest, nor can be easily modified to integrate the 
three process subsystems claimed in independent claims 1 and 7 of Applicants' 
invention. The combination of Bowman-Amuah '364 with Leighton 778, moreover, does 
not teach the three subsystems integrated into security wherein the risks to the 
auditing, the risks to the integrity, and the risks to the information flow control 
subsystems are ranked. 

Attorney for Applicants thank the Examiner for her careful review of the 
specification, the figures, and the claims. Applicants have thus amended the 
specification to remove minor typographical mistakes, and have amended the claims to 
overcome the rejection under 35 U.S.C. § 103(a) because Bowman-Amuah '364 does not 
teach an integrated security system having subsystems for auditing, managing 
integrity, and managing information flow control. Bowman-Amuah '364 and Leighton 
778 combined further do not teach ranking threats to the security of those and other 
subsystems. Having reviewed the art submitted by the Examiner, Attorney for 
Applicants is confident of the patentability of the claimed invention herein and 
requests the Examiner to allow all claims. The Examiner is further invited to telephone 
the Attorney listed below if she thinks it would expedite the prosecution and the 
issuance of the patent. 



Date: 21 April 2005 



By 




OLO ■ Ojanen Law Offices 
1530 Greenview Drive, SE 
Suite 212 



Rochester, MN 55902-1080 
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